Description
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Centrora Security Multiple Vulnerabilities (6.5.6)
WordPress 4.0.x Possible SQL Injection Vulnerability (4.0 - 4.0.19)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)
Envoy Proxy Overly Restrictive Regular Expression Vulnerability (CVE-2025-46821)